From 5fecc3060f0565af004368cd0856df848ca0127a Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 12:09:27 +0100 Subject: ci(commit-qc-checks): add initial qc checks for commits using ga" it will: - lint python scripts - check python script formatting - check python script security - check formatting for tf scripts - validate tf configuration --- .github/workflows/on-commit.yml | 60 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/on-commit.yml (limited to '.github/workflows/on-commit.yml') diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml new file mode 100644 index 0000000..e429651 --- /dev/null +++ b/.github/workflows/on-commit.yml 
@@ -0,0 +1,60 @@
+name: commit-qc-checks
+
+on:
+ push:
+ branches-ignore:
+ - 'main'
+
+jobs:
+ check-if-py-files-exist:
+ runs-on: ubuntu-latest
+ outputs:
+ py_files_exist: ${{ steps.check.outputs.py_files_exist }}
+ steps:
+ - uses: actions/checkout@v2
+ - id: check_files
+ run: |
+ if [ -n "$(find . -name '*.py')" ]; then
+ echo "::set-output name=py_files_exist::true"
+ else
+ echo "::set-output name=py_files_exist::false"
+ fi
+
+ quality-checks:
+ needs: check-if-py-files-exist
+ if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses : actions/checkout@v2
+ - name : 'Python: Setup'
+ uses : actions/setup-python@v2
+ with:
+ python-version: 3.11
+ - name : 'Python: Install Dependencies'
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pylint black bandit safety
+ - name : 'Python: Linting'
+ run: |
+ flake8 .
+ find . -name "*.py" | xargs pylint
+ - name : 'Python: Formatting'
+ run: |
+ black --check .
+ - name: 'Python: Security'
+ run: |
+ bandit -r .
+ safety check
+ - name: 'Terraform: Setup'
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: latest
+ - name: 'Terraform: Formatting'
+ working-directory: ./terraform
+ run: terraform fmt -check -recursive
+ - name: 'Terraform: Initialise'
+ working-directory: ./terraform
+ run: terraform init -backend=false
+ - name: 'Terraform: Validate'
+ working-directory: ./terraform
+ run: terraform validate
-- cgit v1.2.3 From 1c80682afe1ace3ad96982233b90e255ed9b4a20 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 14:53:58 +0100 Subject: ci: remove check if py files exist since we have some python/terraform files now, we shouldn't require this now!
--- .github/workflows/on-commit.yml | 16 ---------------- 1 file changed, 16 deletions(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index e429651..2b6061c 100644 
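Review bot: The job output `py_files_exist` is read from `steps.check.outputs.py_files_exist`, but the step that sets it is declared with `id: check_files`, so the output is always empty, the `if:` on `quality-checks` never equals `'true'`, and that job is skipped on every push; rename the step to `- id: check` to match. `::set-output` is deprecated in favour of the `$GITHUB_OUTPUT` file, e.g. `echo "py_files_exist=true" >> "$GITHUB_OUTPUT"`. Separately, the workflow declares no `permissions:` block, so every job runs with the repository's default token scopes although it only needs to read the tree; add a top-level `permissions:` with `contents: read`. Third-party actions are referenced by mutable tags (`@v2`, `@v3`); pinning them to a full commit SHA is the usual supply-chain hardening for CI, and the same applies to the later bump to `checkout@v4` / `setup-python@v5`.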
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -6,23 +6,7 @@ on: - 'main' jobs: - check-if-py-files-exist: - runs-on: ubuntu-latest - outputs: - py_files_exist: ${{ steps.check.outputs.py_files_exist }} - steps: - - uses: actions/checkout@v2 - - id: check_files - run: | - if [ -n "$(find . -name '*.py')" ]; then - echo "::set-output name=py_files_exist::true" - else - echo "::set-output name=py_files_exist::false" - fi - quality-checks: - needs: check-if-py-files-exist - if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }} runs-on: ubuntu-latest steps: - uses : actions/checkout@v2
-- cgit v1.2.3 From 65e899353bb71be9a087c5738e6b3c2abdda87e4 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:06:13 +0100 Subject: ci: update bandit command
--- .github/workflows/on-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index 2b6061c..5f3aebf 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -27,7 +27,7 @@ jobs: black --check . - name: 'Python: Security' run: | - bandit -r . + bandit -lll */*.py *c/*.py safety check - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3
-- cgit v1.2.3 From b3c2954488127ac165ab6ad0e4b09cf68456f3f9 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:13:14 +0100 Subject: ci: update checkout & python action versions
--- .github/workflows/on-commit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index 5f3aebf..01de8d7 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
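Review bot: Replacing `bandit -r .` with `bandit -lll */*.py *c/*.py` narrows the scan in two ways at once: the shell globs only match files exactly one directory deep (anything at the repository root or nested deeper is never scanned), and `-lll` reports high-severity findings only, so medium and low issues are dropped without being recorded anywhere. The `*c/*.py` pattern also reads like a typo for a specific directory; if nothing matches it, bash (the default shell for `run:`) passes the literal pattern through and bandit fails on a missing path. If the recursive scan was too noisy, keep `bandit -r .` and exclude paths with `-x` or a bandit config file rather than hand-listing globs, so coverage stays explicit and reviewable.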
@@ -9,9 +9,9 @@ jobs: quality-checks: runs-on: ubuntu-latest steps: - - uses : actions/checkout@v2 + - uses : actions/checkout@v4 - name : 'Python: Setup' - uses : actions/setup-python@v2 + uses : actions/setup-python@v5 with: python-version: 3.11 - name : 'Python: Install Dependencies'
-- cgit v1.2.3 From acf776a3732de3676e6178c27b8a46b564f36ad3 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:16:12 +0100 Subject: ci: remove security checks
--- .github/workflows/on-commit.yml | 4 ---- 1 file changed, 4 deletions(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index 01de8d7..937aeaa 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -25,10 +25,6 @@ jobs: - name : 'Python: Formatting' run: | black --check . - - name: 'Python: Security' - run: | - bandit -lll */*.py *c/*.py - safety check - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with:
-- cgit v1.2.3 From 3ee88c87fbae7e9968c4fc7f9aae5e7f28581aad Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:32:53 +0100 Subject: ci: separate python & terraform jobs
--- .github/workflows/on-commit.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index 937aeaa..e4eb4f8 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -6,7 +6,7 @@ on: - 'main' jobs: - quality-checks: + python-quality-checks: runs-on: ubuntu-latest steps: - uses : actions/checkout@v4
@@ -25,6 +25,9 @@ jobs: - name : 'Python: Formatting' run: | black --check . + terraform-quality-checks: + runs-on: ubuntu-latest + steps: - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with: 
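Review bot: The new `terraform-quality-checks` job (hunk `@@ -25,6 +25,9 @@`) opens its `steps:` with `Terraform: Setup` and never checks out the repository, so the `working-directory: ./terraform` steps that follow it (outside this hunk) point at a directory that does not exist on the fresh runner and the job fails before `terraform fmt` runs. Add `- uses: actions/checkout@v4` as the first step of the job, mirroring `python-quality-checks`. While splitting the jobs, the inherited `terraform_version: latest` is worth pinning to a specific release so `terraform validate` results are reproducible from one run to the next. The rest of the job's steps continue past the end of this hunk.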
@@ -37,4 +40,4 @@ jobs: run: terraform init -backend=false - name: 'Terraform: Validate' working-directory: ./terraform - run: terraform validate + run: terraform validate \ No newline at end of file
-- cgit v1.2.3 From 6964625c65ae1552b8182891cf47997e480cce5e Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:34:03 +0100 Subject: fix(ci): correct terraform folder path
--- .github/workflows/on-commit.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index e4eb4f8..355729e 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -33,11 +33,11 @@ jobs: with: terraform_version: latest - name: 'Terraform: Formatting' - working-directory: ./terraform + working-directory: terraform run: terraform fmt -check -recursive - name: 'Terraform: Initialise' - working-directory: ./terraform + working-directory: terraform run: terraform init -backend=false - name: 'Terraform: Validate' - working-directory: ./terraform + working-directory: terraform run: terraform validate \ No newline at end of file
-- cgit v1.2.3 From e5f2d8c98dd029bfb9926c35002abcf998510cf7 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:37:26 +0100 Subject: fix(ci): add missing checkout action
--- .github/workflows/on-commit.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index 355729e..a4e66bb 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -28,6 +28,7 @@ jobs: terraform-quality-checks: runs-on: ubuntu-latest steps: + - uses : actions/checkout@v4 - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with:
-- cgit v1.2.3 From 47f5abae5b1b033a805b08c2a00d7df0bb0dcd97 Mon Sep 17 00:00:00 2001 
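Review bot: Changing `working-directory` from `./terraform` to `terraform` on the three Terraform steps is, as far as I can tell, a no-op — both forms resolve relative to the workspace root — so if the job was failing with a missing directory this commit will not cure it. The more likely cause is that `terraform-quality-checks` has no checkout step at this point, which is what the following commit adds; it would be clearer to drop this path change or fold it into that fix so the history records the real cause. The file also still ends without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs from touching the last line again.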
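Review bot: The added `- uses : actions/checkout@v4` puts a space before the colon, unlike the `name:` / `uses:` keys of the Terraform steps directly below it in the same job; YAML accepts it, but the file now mixes both forms within one job and yamllint's `colons` rule will flag it. Write it as `- uses: actions/checkout@v4` (the same spacing appears on the `python-quality-checks` steps, outside this hunk, and could be normalised in the same pass).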
From: Alex Schofield Date: Thu, 15 Aug 2024 15:41:35 +0100 Subject: test(ci): add continue-on-error for debugging
--- .github/workflows/on-commit.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to '.github/workflows/on-commit.yml')
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
index a4e66bb..fd9ffb8 100644
--- a/.github/workflows/on-commit.yml
+++ b/.github/workflows/on-commit.yml
@@ -18,13 +18,16 @@ jobs: run: | python -m pip install --upgrade pip pip install flake8 pylint black bandit safety + continue-on-error: true - name : 'Python: Linting' run: | flake8 . find . -name "*.py" | xargs pylint + continue-on-error: true - name : 'Python: Formatting' run: | black --check . + continue-on-error: true terraform-quality-checks: runs-on: ubuntu-latest steps:
@@ -36,9 +39,12 @@ jobs: - name: 'Terraform: Formatting' working-directory: terraform run: terraform fmt -check -recursive + continue-on-error: true - name: 'Terraform: Initialise' working-directory: terraform run: terraform init -backend=false + continue-on-error: true - name: 'Terraform: Validate' working-directory: terraform - run: terraform validate \ No newline at end of file + run: terraform validate + continue-on-error: true \ No newline at end of file
-- cgit v1.2.3
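Review bot: `continue-on-error: true` on every step — the three Python steps here and the three Terraform steps in the second hunk at `@@ -36,9 +39,12 @@` — means a failing flake8, pylint, black, `terraform fmt` or `terraform validate` no longer fails its job, so the workflow reports success regardless and the checks stop gating anything. If this is only for debugging, scope it to the one step being investigated or make it conditional on a workflow input rather than applying it file-wide, and remove it before the workflow is relied on; each step's own pass/fail state is already visible in the run log without it. The `pip install` line still pulls in `bandit safety` even though no step uses them any more, so that dependency install could be trimmed. The file still ends without a trailing newline.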